redis-cluster
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
20
## @param global.redis.password Redis® password (overrides `password`)
21
##
22
global:
23
imageRegistry: ""
24
## E.g.
25
## imagePullSecrets:
26
## - myRegistryKeySecretName
27
##
28
imagePullSecrets: []
29
defaultStorageClass: ""
30
storageClass: ""
31
## Security parameters
32
##
33
security:
34
## @param global.security.allowInsecureImages Allows skipping image verification
35
allowInsecureImages: false
36
redis:
37
password: ""
38
## Compatibility adaptations for Kubernetes platforms
39
##
40
compatibility:
41
## Compatibility adaptations for Openshift
42
##
43
openshift:
44
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
45
##
46
adaptSecurityContext: auto
47
org: ""
48
## @section Redis(R) Cluster Common parameters
49
##
50
51
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
52
##
53
nameOverride: ""
54
## @param fullnameOverride String to fully override common.names.fullname template
55
##
56
fullnameOverride: ""
57
## @param namespaceOverride String to fully override common.names.namespace template
58
##
59
namespaceOverride: ""
60
## @param clusterDomain Kubernetes Cluster Domain
61
##
62
clusterDomain: cluster.local
63
## @param commonAnnotations Annotations to add to all deployed objects
64
##
65
commonAnnotations: {}
66
## @param commonLabels Labels to add to all deployed objects
67
##
68
commonLabels: {}
69
## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template)
70
##
71
extraDeploy: []
72
## Enable diagnostic mode in the deployment
73
##
74
diagnosticMode:
75
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
76
##
77
enabled: false
78
## @param diagnosticMode.command Command to override all containers in the deployment
79
##
80
command:
81
- sleep
82
## @param diagnosticMode.args Args to override all containers in the deployment
83
##
84
args:
85
- infinity
86
## Iamguarded Redis® image version
87
## ref: https://hub.docker.com/r/iamguarded/redis/tags/
88
## @param image.registry [default: REGISTRY_NAME] Redis® cluster image registry
89
## @param image.repository [default: REPOSITORY_NAME/redis-cluster] Redis® cluster image repository
90
## @skip image.tag Redis® cluster image tag (immutable tags are recommended)
91
## @param image.digest Redis® cluster image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
92
## @param image.pullPolicy Redis® cluster image pull policy
93
## @param image.pullSecrets Specify docker-registry secret names as an array
94
## @param image.debug Enable image debug mode
95
##
96
image:
97
registry: cgr.dev
98
repository: chainguard-private/redis-cluster-iamguarded
99
tag: 8.6.1
100
digest: ""
101
## Specify a imagePullPolicy
102
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
103
##
104
pullPolicy: IfNotPresent
105
## Optionally specify an array of imagePullSecrets.
106
## Secrets must be manually created in the namespace.
107
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
108
## e.g:
109
## pullSecrets:
110
## - myRegistryKeySecretName
111
##
112
pullSecrets: []
113
## Enable debug mode
114
##
115
debug: false
116
## Network Policy configuration
117
## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
118
##
119
networkPolicy:
120
## @param networkPolicy.enabled Enable creation of NetworkPolicy resources
121
##
122
enabled: true
123
## @param networkPolicy.allowExternal The Policy model to apply
124
## When set to false, only pods with the correct client label will have network access to the ports Redis(R) Cluster is
125
## listening on. When true, Redis(R) Cluster will accept connections from any source (with the correct destination port).
126
##
127
allowExternal: true
128
## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
129
##
130
allowExternalEgress: true
131
## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
132
## e.g:
133
## extraIngress:
134
## - ports:
135
## - port: 1234
136
## from:
137
## - podSelector:
138
## - matchLabels:
139
## - role: frontend
140
## - podSelector:
141
## - matchExpressions:
142
## - key: role
143
## operator: In
144
## values:
145
## - frontend
146
##
147
extraIngress: []
148
## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
149
## e.g:
150
## extraEgress:
151
## - ports:
152
## - port: 1234
153
## to:
154
## - podSelector:
155
## - matchLabels:
156
## - role: frontend
157
## - podSelector:
158
## - matchExpressions:
159
## - key: role
160
## operator: In
161
## values:
162
## - frontend
163
##
164
extraEgress: []
165
## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
166
## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
167
##
168
ingressNSMatchLabels: {}
169
ingressNSPodMatchLabels: {}
170
serviceAccount:
171
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
172
##
173
create: true
174
## @param serviceAccount.name The name of the ServiceAccount to create
175
## If not set and create is true, a name is generated using the fullname template
176
##
177
name: ""
178
## @param serviceAccount.annotations Annotations for Cassandra Service Account
179
##
180
annotations: {}
181
## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account.
182
##
183
automountServiceAccountToken: false
184
rbac:
185
## @param rbac.create Specifies whether RBAC resources should be created
186
##
187
create: false
188
role:
189
## @param rbac.role.rules Rules to create. It follows the role specification
190
## rules:
191
## - apiGroups:
192
## - extensions
193
## resources:
194
## - podsecuritypolicies
195
## verbs:
196
## - use
197
## resourceNames:
198
## - gce.unprivileged
199
##
200
rules: []
201
## Redis® pod Security Context
202
## @param podSecurityContext.enabled Enable Redis® pod Security Context
203
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
204
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
205
## @param podSecurityContext.fsGroup Group ID for the pods
206
## @param podSecurityContext.sysctls Set namespaced sysctls for the pods
207
##
208
podSecurityContext:
209
enabled: true
210
fsGroupChangePolicy: Always
211
supplementalGroups: []
212
fsGroup: 1001
213
## Uncomment the setting below to increase the net.core.somaxconn value
214
## e.g:
215
## sysctls:
216
## - name: net.core.somaxconn
217
## value: "10000"
218
##
219
sysctls: []
220
## @param podDisruptionBudget DEPRECATED please use pdb instead
221
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions
222
##
223
podDisruptionBudget: {}
224
## Pod Disruption Budget configuration
225
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
226
##
227
pdb:
228
## @param pdb.create Created a PodDisruptionBudget
229
##
230
create: true
231
## @param pdb.minAvailable Min number of pods that must still be available after the eviction.
232
## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0
233
##
234
minAvailable: ""
235
## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction.
236
## You can specify an integer or a percentage by setting the value to a string representation of a percentage (eg. "50%"). It will be disabled if set to 0
237
##
238
maxUnavailable: ""
239
## Containers Security Context
240
## @param containerSecurityContext.enabled Enabled containers' Security Context
241
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
242
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
243
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
244
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
245
## @param containerSecurityContext.privileged Set container's Security Context privileged
246
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
247
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
248
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
249
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
250
##
251
containerSecurityContext:
252
enabled: true
253
seLinuxOptions: {}
254
runAsUser: 1001
255
runAsGroup: 1001
256
runAsNonRoot: true
257
privileged: false
258
readOnlyRootFilesystem: true
259
allowPrivilegeEscalation: false
260
capabilities:
261
drop: ["ALL"]
262
seccompProfile:
263
type: "RuntimeDefault"
264
## @param usePassword Use password authentication
265
##
266
usePassword: true
267
## @param password Redis® password (ignored if existingSecret set)
268
## Defaults to a random 10-character alphanumeric string if not set and usePassword is true
269
## ref: https://github.com/iamguarded/containers/tree/main/iamguarded/redis#setting-the-server-password-on-first-run
270
##
271
password: ""
272
## @param existingSecret Name of existing secret object (for password authentication)
273
##
274
existingSecret: ""
275
## @param existingSecretPasswordKey Name of key containing password to be retrieved from the existing secret
276
##
277
existingSecretPasswordKey: ""
278
## @param usePasswordFiles Mount passwords as files instead of environment variables
279
##
280
usePasswordFiles: true
281
##
282
## TLS configuration
283
##
284
tls:
285
## @param tls.enabled Enable TLS support for replication traffic
286
##
287
enabled: false
288
## @param tls.authClients Require clients to authenticate or not
289
##
290
authClients: true
291
## @param tls.autoGenerated Generate automatically self-signed TLS certificates
292
##
293
autoGenerated: false
294
## @param tls.existingSecret The name of the existing secret that contains the TLS certificates
295
##
296
existingSecret: ""
297
## @param tls.certificatesSecret DEPRECATED. Use tls.existingSecret instead
298
##
299
certificatesSecret: ""
300
## @param tls.certFilename Certificate filename
301
##
302
certFilename: ""
303
## @param tls.certKeyFilename Certificate key filename
304
##
305
certKeyFilename: ""
306
## @param tls.certCAFilename CA Certificate filename
307
##
308
certCAFilename: ""
309
## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers)
310
##
311
dhParamsFilename: ""
312
## Redis® Service properties for standalone mode.
313
##
314
service:
315
## @param service.ports.redis Kubernetes Redis service port
316
##
317
ports:
318
redis: 6379
319
## Node ports to expose
320
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
321
## @param service.nodePorts.redis Node port for Redis
322
##
323
nodePorts:
324
redis: ""
325
## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value)
326
##
327
extraPorts: []
328
## @param service.annotations Provide any additional annotations which may be required.
329
## This can be used to set the LoadBalancer service type to internal only.
330
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
331
##
332
annotations: {}
333
## @param service.labels Additional labels for redis service
334
##
335
labels: {}
336
## @param service.type Service type for default redis service
337
## Setting this to LoadBalancer may require corresponding service annotations for loadbalancer creation to succeed.
338
## Currently supported types are ClusterIP (default) and LoadBalancer
339
##
340
type: ClusterIP
341
## @param service.clusterIP Service Cluster IP
342
## e.g.:
343
## clusterIP: None
344
##
345
clusterIP: ""
346
## @param service.loadBalancerIP Load balancer IP if `service.type` is `LoadBalancer`
347
## If service.type is LoadBalancer, request a specific static IP address if supported by the cloud provider, otherwise leave blank
348
##
349
loadBalancerIP: ""
350
## @param service.loadBalancerClass Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
351
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
352
##
353
loadBalancerClass: ""
354
## @param service.loadBalancerSourceRanges Service Load Balancer sources
355
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
356
## e.g:
357
## loadBalancerSourceRanges:
358
## - 10.10.10.0/24
359
##
360
loadBalancerSourceRanges: []
361
## @param service.externalTrafficPolicy Service external traffic policy
362
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
363
##
364
externalTrafficPolicy: Cluster
365
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
366
## If "ClientIP", consecutive client requests will be directed to the same Pod
367
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
368
##
369
sessionAffinity: None
370
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
371
## sessionAffinityConfig:
372
## clientIP:
373
## timeoutSeconds: 300
374
##
375
sessionAffinityConfig: {}
376
## Headless service properties
377
##
378
headless:
379
## @param service.headless.annotations Annotations for the headless service.
380
##
381
annotations: {}
382
## Enable persistence using Persistent Volume Claims
383
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
384
##
385
persistence:
386
## @param persistence.enabled Enable persistence on Redis®
387
## If enabled, nodes are using Persistent Volume Claims
388
## If disabled, an emptyDir volume is used. This is not recommended.
389
## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/redis-cluster#persistence
390
##
391
enabled: true
392
## @param persistence.path Path to mount the volume at, to use other images Redis® images.
393
##
394
path: /iamguarded/redis/data
395
## @param persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
396
##
397
subPath: ""
398
## @param persistence.storageClass Storage class of backing PVC
399
## If defined, storageClassName: <storageClass>
400
## If set to "-", storageClassName: "", which disables dynamic provisioning
401
## If undefined (the default) or set to null, no storageClassName spec is
402
## set, choosing the default provisioner. (gp2 on AWS, standard on
403
## GKE, AWS & OpenStack)
404
##
405
storageClass: ""
406
## @param persistence.annotations Persistent Volume Claim annotations
407
##
408
annotations: {}
409
## @param persistence.labels Persistent Volume Claim labels
410
##
411
labels: {}
412
## @param persistence.accessModes Persistent Volume Access Modes
413
##
414
accessModes:
415
- ReadWriteOnce
416
## @param persistence.size Size of data volume
417
##
418
size: 8Gi
419
## @param persistence.matchLabels Persistent Volume selectors
420
## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
421
##
422
matchLabels: {}
423
## @param persistence.matchExpressions matchExpressions Persistent Volume selectors
424
##
425
matchExpressions: {}
426
## persistentVolumeClaimRetentionPolicy
427
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
428
## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
429
## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
430
## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
431
persistentVolumeClaimRetentionPolicy:
432
enabled: false
433
whenScaled: Retain
434
whenDeleted: Retain
435
## Init containers parameters:
436
## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
437
##
438
volumePermissions:
439
## @param volumePermissions.enabled Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work)
440
##
441
enabled: false
442
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
443
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
444
## @skip volumePermissions.image.tag Init container volume-permissions image tag
445
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
446
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
447
## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
448
##
449
image:
450
registry: cgr.dev
451
repository: chainguard-private/os-shell-iamguarded
452
tag: 1.0.0
453
digest: ""
454
pullPolicy: IfNotPresent
455
## Optionally specify an array of imagePullSecrets.
456
## Secrets must be manually created in the namespace.
457
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
458
## e.g:
459
## pullSecrets:
460
## - myRegistryKeySecretName
461
##
462
pullSecrets: []
463
## Containers Security Context
464
## @param volumePermissions.containerSecurityContext.enabled Enable Containers' Security Context
465
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
466
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the containers.
467
## @param volumePermissions.containerSecurityContext.privileged Run container as privileged
468
##
469
containerSecurityContext:
470
enabled: true
471
seLinuxOptions: {}
472
runAsUser: 0
473
privileged: false
474
## Container resource requests and limits
475
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
476
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
477
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
478
##
479
resourcesPreset: "nano"
480
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
481
## Example:
482
## resources:
483
## requests:
484
## cpu: 2
485
## memory: 512Mi
486
## limits:
487
## cpu: 3
488
## memory: 1024Mi
489
##
490
resources: {}
491
## @param serviceBindings.enabled Create secret for service binding (Experimental)
492
## Ref: https://servicebinding.io/service-provider/
493
##
494
serviceBindings:
495
enabled: false
496
## PodSecurityPolicy configuration
497
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
498
## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
499
##
500
podSecurityPolicy:
501
create: false
502
## @section Redis® statefulset parameters
503
##
504
redis:
505
## @param redis.command Redis® entrypoint string. The command `redis-server` is executed if this is not provided
506
##
507
command: []
508
## @param redis.args Arguments for the provided command if needed
509
##
510
args: []
511
## @param redis.updateStrategy.type Argo Workflows statefulset strategy type
512
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
513
##
514
updateStrategy:
515
## StrategyType
516
## Can be set to RollingUpdate or OnDelete
517
##
518
type: RollingUpdate
519
## @param redis.updateStrategy.rollingUpdate.partition Partition update strategy
520
## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions
521
##
522
rollingUpdate:
523
partition: 0
524
## @param redis.podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join
525
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
526
##
527
podManagementPolicy: Parallel
528
## @param redis.automountServiceAccountToken Mount Service Account token in pod
529
##
530
automountServiceAccountToken: false
531
## @param redis.hostAliases Deployment pod host aliases
532
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
533
##
534
hostAliases: []
535
## @param redis.hostNetwork Host networking requested for this pod. Use the host's network namespace.
536
## https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#podspec-v1-core
537
##
538
hostNetwork: false
539
## @param redis.useAOFPersistence Whether to use AOF Persistence mode or not
540
## It is strongly recommended to use this type when dealing with clusters
541
## ref: https://redis.io/topics/persistence#append-only-file
542
## ref: https://redis.io/topics/cluster-tutorial#creating-and-using-a-redis-cluster
543
##
544
useAOFPersistence: "yes"
545
## @param redis.containerPorts.redis Redis® port
546
## @param redis.containerPorts.bus The busPort should be obtained adding 10000 to the redisPort. By default: 10000 + 6379 = 16379
547
##
548
containerPorts:
549
redis: 6379
550
bus: 16379
551
## @param redis.lifecycleHooks LifecycleHook to set additional configuration before or after startup. Evaluated as a template
552
##
553
lifecycleHooks: {}
554
## @param redis.extraVolumes Extra volumes to add to the deployment
555
##
556
extraVolumes: []
557
## @param redis.extraVolumeMounts Extra volume mounts to add to the container
558
##
559
extraVolumeMounts: []
560
## @param redis.customLivenessProbe Override default liveness probe
561
##
562
customLivenessProbe: {}
563
## @param redis.customReadinessProbe Override default readiness probe
564
##
565
customReadinessProbe: {}
566
## @param redis.customStartupProbe Custom startupProbe that overrides the default one
567
##
568
customStartupProbe: {}
569
## @param redis.initContainers Extra init containers to add to the deployment
570
##
571
initContainers: []
572
## @param redis.sidecars Extra sidecar containers to add to the deployment
573
##
574
sidecars: []
575
## @param redis.podLabels Additional labels for Redis® pod
576
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
577
##
578
podLabels: {}
579
## @param redis.priorityClassName Redis® Master pod priorityClassName
580
##
581
priorityClassName: ""
582
## @param redis.defaultConfigOverride Optional default Redis® configuration for the nodes
583
## If not set, the default Redis configuration from the chart is used
584
## ref: https://redis.io/topics/config
585
##
586
defaultConfigOverride: ""
587
## @param redis.configmap Additional Redis® configuration for the nodes
588
## ref: https://redis.io/topics/config
589
##
590
configmap: ""
591
## @param redis.extraEnvVars An array to add extra environment variables
592
## For example:
593
## - name: BEARER_AUTH
594
## value: true
595
##
596
extraEnvVars: []
597
## @param redis.extraEnvVarsCM ConfigMap with extra environment variables
598
##
599
extraEnvVarsCM: ""
600
## @param redis.extraEnvVarsSecret Secret with extra environment variables
601
##
602
extraEnvVarsSecret: ""
603
## @param redis.podAnnotations Redis® additional annotations
604
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
605
##
606
podAnnotations: {}
607
## Redis® resource requests and limits
608
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
609
## @param redis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if redis.resources is set (redis.resources is recommended for production).
610
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
611
##
612
resourcesPreset: "nano"
613
## @param redis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
614
## Example:
615
## resources:
616
## requests:
617
## cpu: 2
618
## memory: 512Mi
619
## limits:
620
## cpu: 3
621
## memory: 1024Mi
622
##
623
resources: {}
624
## @param redis.schedulerName Use an alternate scheduler, e.g. "stork".
625
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
626
##
627
schedulerName: ""
628
## @param redis.shareProcessNamespace Enable shared process namespace in a pod.
629
## If set to false (default), each container will run in separate namespace, redis will have PID=1.
630
## If set to true, the /pause will run as init process and will reap any zombie PIDs,
631
## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
632
## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
633
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
634
##
635
shareProcessNamespace: false
636
## @param redis.terminationGracePeriodSeconds Set custom gracefull termination period for redis container.
637
## If not set the kubernetes default will be applied.
638
## Customize it based on your workload. Huge redis with high load may wants more than default time to dump
639
## their data before complete termination.
640
## Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution
641
##
642
terminationGracePeriodSeconds: 30
643
## Configure extra options for Redis® liveness probes
644
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
645
## @param redis.livenessProbe.enabled Enable livenessProbe
646
## @param redis.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
647
## @param redis.livenessProbe.periodSeconds Period seconds for livenessProbe
648
## @param redis.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
649
## @param redis.livenessProbe.failureThreshold Failure threshold for livenessProbe
650
## @param redis.livenessProbe.successThreshold Success threshold for livenessProbe
651
##
652
livenessProbe:
653
enabled: true
654
initialDelaySeconds: 5
655
periodSeconds: 5
656
timeoutSeconds: 5
657
successThreshold: 1
658
failureThreshold: 5
659
## Configure extra options for Redis® readiness probes
660
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
661
## @param redis.readinessProbe.enabled Enable readinessProbe
662
## @param redis.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
663
## @param redis.readinessProbe.periodSeconds Period seconds for readinessProbe
664
## @param redis.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
665
## @param redis.readinessProbe.failureThreshold Failure threshold for readinessProbe
666
## @param redis.readinessProbe.successThreshold Success threshold for readinessProbe
667
##
668
readinessProbe:
669
enabled: true
670
initialDelaySeconds: 5
671
periodSeconds: 5
672
timeoutSeconds: 1
673
successThreshold: 1
674
failureThreshold: 5
675
## @param redis.startupProbe.enabled Enable startupProbe
676
## @param redis.startupProbe.path Path to check for startupProbe
677
## @param redis.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
678
## @param redis.startupProbe.periodSeconds Period seconds for startupProbe
679
## @param redis.startupProbe.timeoutSeconds Timeout seconds for startupProbe
680
## @param redis.startupProbe.failureThreshold Failure threshold for startupProbe
681
## @param redis.startupProbe.successThreshold Success threshold for startupProbe
682
##
683
startupProbe:
684
enabled: false
685
path: /
686
initialDelaySeconds: 300
687
periodSeconds: 10
688
timeoutSeconds: 5
689
failureThreshold: 6
690
successThreshold: 1
691
## @param redis.podAffinityPreset Redis® pod affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard`
692
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
693
##
694
podAffinityPreset: ""
695
## @param redis.podAntiAffinityPreset Redis® pod anti-affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard`
696
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
697
##
698
podAntiAffinityPreset: soft
699
## Redis® node affinity preset
700
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
701
##
702
nodeAffinityPreset:
703
## @param redis.nodeAffinityPreset.type Redis® node affinity preset type. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard`
704
##
705
type: ""
706
## @param redis.nodeAffinityPreset.key Redis® node label key to match Ignored if `redis.affinity` is set.
707
## E.g.
708
## key: "kubernetes.io/e2e-az-name"
709
##
710
key: ""
711
## @param redis.nodeAffinityPreset.values Redis® node label values to match. Ignored if `redis.affinity` is set.
712
## E.g.
713
## values:
714
## - e2e-az1
715
## - e2e-az2
716
##
717
values: []
718
## @param redis.affinity Affinity settings for Redis® pod assignment
719
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
720
## Note: redis.podAffinityPreset, redis.podAntiAffinityPreset, and redis.nodeAffinityPreset will be ignored when it's set
721
##
722
affinity: {}
723
## @param redis.nodeSelector Node labels for Redis® pods assignment
724
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
725
##
726
nodeSelector: {}
727
## @param redis.tolerations Tolerations for Redis® pods assignment
728
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
729
##
730
tolerations: []
731
## @param redis.topologySpreadConstraints Pod topology spread constraints for Redis® pod
732
## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
733
## The value is evaluated as a template
734
##
735
topologySpreadConstraints: []
736
## @section Cluster update job parameters
737
##
738
739
## Cluster update job settings
740
##
741
updateJob:
742
## @param updateJob.activeDeadlineSeconds Number of seconds the Job to create the cluster will be waiting for the Nodes to be ready.
743
##
744
activeDeadlineSeconds: 600
745
## @param updateJob.command Container command (using container default if not set)
746
##
747
command: []
748
## @param updateJob.args Container args (using container default if not set)
749
##
750
args: []
751
## @param updateJob.automountServiceAccountToken Mount Service Account token in pod
752
##
753
automountServiceAccountToken: false
754
## @param updateJob.hostAliases Deployment pod host aliases
755
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
756
##
757
hostAliases: []
758
## @param updateJob.helmHook Job Helm hook
759
## https://helm.sh/docs/topics/charts_hooks/#the-available-hooks
760
##
761
helmHook: post-upgrade
762
## @param updateJob.annotations Job annotations
763
##
764
annotations: {}
765
## @param updateJob.podAnnotations Job pod annotations
766
##
767
podAnnotations: {}
768
## @param updateJob.podLabels Pod extra labels
769
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
770
##
771
podLabels: {}
772
## @param updateJob.extraEnvVars An array to add extra environment variables
773
## For example:
774
## - name: BEARER_AUTH
775
## value: true
776
##
777
extraEnvVars: []
778
## @param updateJob.extraEnvVarsCM ConfigMap containing extra environment variables
779
##
780
extraEnvVarsCM: ""
781
## @param updateJob.extraEnvVarsSecret Secret containing extra environment variables
782
##
783
extraEnvVarsSecret: ""
784
## @param updateJob.extraVolumes Extra volumes to add to the deployment
785
##
786
extraVolumes: []
787
## @param updateJob.extraVolumeMounts Extra volume mounts to add to the container
788
##
789
extraVolumeMounts: []
790
## @param updateJob.initContainers Extra init containers to add to the deployment
791
##
792
initContainers: []
793
## @param updateJob.podAffinityPreset Update job pod affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard`
794
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
795
##
796
podAffinityPreset: ""
797
## @param updateJob.podAntiAffinityPreset Update job pod anti-affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard`
798
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
799
##
800
podAntiAffinityPreset: soft
801
## Update job node affinity preset
802
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
803
##
804
nodeAffinityPreset:
805
## @param updateJob.nodeAffinityPreset.type Update job node affinity preset type. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard`
806
##
807
type: ""
808
## @param updateJob.nodeAffinityPreset.key Update job node label key to match Ignored if `updateJob.affinity` is set.
809
## E.g.
810
## key: "kubernetes.io/e2e-az-name"
811
##
812
key: ""
813
## @param updateJob.nodeAffinityPreset.values Update job node label values to match. Ignored if `updateJob.affinity` is set.
814
## E.g.
815
## values:
816
## - e2e-az1
817
## - e2e-az2
818
##
819
values: []
820
## @param updateJob.affinity Affinity for update job pods assignment
821
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
822
## Note: updateJob.podAffinityPreset, updateJob.podAntiAffinityPreset, and updateJob.nodeAffinityPreset will be ignored when it's set
823
##
824
affinity: {}
825
## @param updateJob.nodeSelector Node labels for update job pods assignment
826
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
827
##
828
nodeSelector: {}
829
## @param updateJob.tolerations Tolerations for update job pods assignment
830
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
831
##
832
tolerations: []
833
## @param updateJob.priorityClassName Priority class name
834
##
835
priorityClassName: ""
836
## Container resource requests and limits
837
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
838
## We usually recommend not to specify default resources and to leave this as a conscious
839
## choice for the user. This also increases chances charts run on environments with little
840
## resources, such as Minikube. If you do want to specify resources, uncomment the following
841
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
842
## @param updateJob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if updateJob.resources is set (updateJob.resources is recommended for production).
843
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
844
##
845
resourcesPreset: "nano"
846
## @param updateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
847
## Example:
848
## resources:
849
## requests:
850
## cpu: 2
851
## memory: 512Mi
852
## limits:
853
## cpu: 3
854
## memory: 1024Mi
855
##
856
resources: {}
857
## @section Cluster management parameters
858
##
859
860
## Redis(R) Cluster settings
861
##
862
cluster:
863
## @param cluster.init Enable the initialization of the Redis(R) Cluster
864
##
865
init: true
866
## Number of Redis® nodes to be deployed
867
##
868
## Note:
869
## This is total number of nodes including the replicas. Meaning there will be 3 master and 3 replica
870
## nodes (as replica count is set to 1 by default, there will be 1 replica per master node).
871
## Hence, nodes = numberOfMasterNodes + numberOfMasterNodes * replicas
872
##
873
## @param cluster.nodes The number of master nodes should always be >= 3, otherwise cluster creation will fail
874
##
875
nodes: 6
876
## @param cluster.replicas Number of replicas for every master in the cluster
877
## Parameter to be passed as --cluster-replicas to the redis-cli --cluster create
878
## 1 means that we want a replica for every master created
879
##
880
replicas: 1
881
## Configuration to access the Redis(R) Cluster from outside the Kubernetes cluster
882
##
883
externalAccess:
884
## @param cluster.externalAccess.enabled Enable access to the Redis
885
##
886
enabled: false
887
## @param cluster.externalAccess.hostMode Set cluster preferred endpoint type as hostname
888
## ref: https://github.com/redis/redis/pull/9530
889
##
890
hostMode: false
891
service:
892
## @param cluster.externalAccess.service.disableLoadBalancerIP Disable use of `Service.spec.loadBalancerIP`
893
##
894
disableLoadBalancerIP: false
895
## @param cluster.externalAccess.service.loadBalancerIPAnnotaion Name of annotation to specify fixed IP for service in. Disables `Service.spec.loadBalancerIP` if not empty
896
##
897
loadBalancerIPAnnotaion: ""
898
## @param cluster.externalAccess.service.type Type for the services used to expose every Pod
899
## At this moment only LoadBalancer is supported
900
##
901
type: LoadBalancer
902
## @param cluster.externalAccess.service.port Port for the services used to expose every Pod
903
##
904
port: 6379
905
## @param cluster.externalAccess.service.loadBalancerIP Array of load balancer IPs for each Redis® node. Length must be the same as cluster.nodes
906
##
907
loadBalancerIP: []
908
## @param cluster.externalAccess.service.loadBalancerClass Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
909
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
910
##
911
loadBalancerClass: ""
912
## @param cluster.externalAccess.service.loadBalancerSourceRanges Service Load Balancer sources
913
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
914
## e.g:
915
## loadBalancerSourceRanges:
916
## - 10.10.10.0/24
917
##
918
loadBalancerSourceRanges: []
919
## @param cluster.externalAccess.service.annotations Annotations to add to the services used to expose every Pod of the Redis(R) Cluster
920
##
921
annotations: {}
922
## This section allows to update the Redis® cluster nodes.
923
##
924
update:
925
## @param cluster.update.addNodes Boolean to specify if you want to add nodes after the upgrade
926
## Setting this to true a hook will add nodes to the Redis® cluster after the upgrade. currentNumberOfNodes and currentNumberOfReplicas is required
927
##
928
addNodes: false
929
## @param cluster.update.currentNumberOfNodes Number of currently deployed Redis® nodes
930
##
931
currentNumberOfNodes: 6
932
## @param cluster.update.currentNumberOfReplicas Number of currently deployed Redis® replicas
933
##
934
currentNumberOfReplicas: 1
935
## @param cluster.update.newExternalIPs External IPs obtained from the services for the new nodes to add to the cluster
936
##
937
newExternalIPs: []
938
## @section Metrics sidecar parameters
939
##
940
941
## Prometheus Exporter / Metrics
942
##
943
metrics:
944
## @param metrics.enabled Start a side-car prometheus exporter
945
##
946
enabled: false
947
## @param metrics.image.registry [default: REGISTRY_NAME] Redis® exporter image registry
948
## @param metrics.image.repository [default: REPOSITORY_NAME/redis-exporter] Redis® exporter image name
949
## @skip metrics.image.tag Redis® exporter image tag
950
## @param metrics.image.digest Redis® exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
951
## @param metrics.image.pullPolicy Redis® exporter image pull policy
952
## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
953
##
954
image:
955
registry: cgr.dev
956
repository: chainguard-private/prometheus-redis-exporter-iamguarded
957
tag: 1.81.0
958
digest: ""
959
pullPolicy: IfNotPresent
960
## Optionally specify an array of imagePullSecrets.
961
## Secrets must be manually created in the namespace.
962
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
963
## e.g:
964
## pullSecrets:
965
## - myRegistryKeySecretName
966
##
967
pullSecrets: []
968
## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
969
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
970
##
971
resourcesPreset: "nano"
972
## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
973
## Example:
974
## resources:
975
## requests:
976
## cpu: 2
977
## memory: 512Mi
978
## limits:
979
## cpu: 3
980
## memory: 1024Mi
981
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
982
##
983
resources: {}
984
## @param metrics.extraArgs Extra arguments for the binary; possible values [here](https://github.com/oliver006/redis_exporter)
985
## extraArgs:
986
## check-keys: myKey,myOtherKey
987
##
988
extraArgs: {}
989
## @param metrics.extraEnvVars Array with extra environment variables to add to Redis® exporter
990
## e.g:
991
# extraEnvVars:
992
## - name: FOO
993
## value: "bar"
994
##
995
extraEnvVars: []
996
## @param metrics.containerPorts.http Metrics HTTP container port
997
##
998
containerPorts:
999
http: 9121
1000
## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod
1001
##
1002
podAnnotations:
1003
prometheus.io/scrape: "true"
1004
prometheus.io/port: "9121"
1005
## @param metrics.podLabels Additional labels for Metrics exporter pod
1006
##
1007
podLabels: {}
1008
## Containers' Security Context - All fields other than `enabled` get added to the metrics container's security context
1009
## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context
1010
## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1011
## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
1012
## @param metrics.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
1013
## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
1014
## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged
1015
## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1016
## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
1017
## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1018
## @param metrics.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1019
##
1020
containerSecurityContext:
1021
enabled: true
1022
seLinuxOptions: {}
1023
runAsUser: 1001
1024
runAsGroup: 1001
1025
runAsNonRoot: true
1026
privileged: false
1027
readOnlyRootFilesystem: true
1028
allowPrivilegeEscalation: false
1029
capabilities:
1030
drop: ["ALL"]
1031
seccompProfile:
1032
type: "RuntimeDefault"
1033
## Enable this if you're using https://github.com/coreos/prometheus-operator
1034
##
1035
serviceMonitor:
1036
## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
1037
##
1038
enabled: false
1039
## @param metrics.serviceMonitor.namespace Optional namespace which Prometheus is running in
1040
##
1041
namespace: ""
1042
## @param metrics.serviceMonitor.interval How frequently to scrape metrics (use by default, falling back to Prometheus' default)
1043
##
1044
interval: ""
1045
## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
1046
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1047
## e.g:
1048
## scrapeTimeout: 10s
1049
##
1050
scrapeTimeout: ""
1051
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
1052
## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
1053
## e.g:
1054
## selector:
1055
## prometheus: my-prometheus
1056
##
1057
selector: {}
1058
## @param metrics.serviceMonitor.labels ServiceMonitor extra labels
1059
##
1060
labels: {}
1061
## @param metrics.serviceMonitor.annotations ServiceMonitor annotations
1062
##
1063
annotations: {}
1064
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
1065
##
1066
jobLabel: ""
1067
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
1068
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
1069
##
1070
relabelings: []
1071
## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
1072
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
1073
##
1074
metricRelabelings: []
1075
## Custom PrometheusRule to be defined
1076
## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
1077
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
1078
## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator
1079
## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus
1080
## @param metrics.prometheusRule.namespace namespace where prometheusRules resource should be created
1081
## @param metrics.prometheusRule.rules Create specified [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/), check values for an example.
1082
##
1083
prometheusRule:
1084
enabled: false
1085
additionalLabels: {}
1086
namespace: ""
1087
## These are just examples rules, please adapt them to your needs.
1088
## Make sure to constraint the rules to the current postgresql service.
1089
## - alert: RedisDown
1090
## expr: redis_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0
1091
## for: 2m
1092
## labels:
1093
## severity: error
1094
## annotations:
1095
## summary: Redis® instance {{ "{{ $instance }}" }} down
1096
## description: Redis® instance {{ "{{ $instance }}" }} is down.
1097
## - alert: RedisMemoryHigh
1098
## expr: >
1099
## redis_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100
1100
## /
1101
## redis_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"}
1102
## > 90
1103
## for: 2m
1104
## labels:
1105
## severity: error
1106
## annotations:
1107
## summary: Redis® instance {{ "{{ $instance }}" }} is using too much memory
1108
## description: Redis® instance {{ "{{ $instance }}" }} is using {{ "{{ $value }}" }}% of its available memory.
1109
## - alert: RedisKeyEviction
1110
## expr: increase(redis_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0
1111
## for: 1s
1112
## labels:
1113
## severity: error
1114
## annotations:
1115
## summary: Redis® instance {{ "{{ $instance }}" }} has evicted keys
1116
## description: Redis® instance {{ "{{ $instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes.
1117
##
1118
rules: []
1119
## @param metrics.priorityClassName Metrics exporter pod priorityClassName
1120
##
1121
priorityClassName: ""
1122
## @param metrics.service.type Kubernetes Service type (redis metrics)
1123
## @param metrics.service.loadBalancerIP Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank
1124
## @param metrics.service.loadBalancerClass Load Balancer class if service type is `LoadBalancer` (optional, cloud specific)
1125
## @param metrics.service.annotations Annotations for the services to monitor.
1126
## @param metrics.service.labels Additional labels for the metrics service
1127
##
1128
service:
1129
type: ClusterIP
1130
ports:
1131
## @param metrics.service.ports.http Metrics HTTP service port
1132
##
1133
http: 9121
1134
## @param metrics.service.ports.appProtocol Metrics service appProtocol
1135
##
1136
appProtocol: ""
1137
## @param metrics.service.clusterIP Service Cluster IP
1138
## e.g.:
1139
## clusterIP: None
1140
##
1141
clusterIP: ""
1142
loadBalancerIP: ""
1143
loadBalancerClass: ""
1144
annotations: {}
1145
labels: {}
1146
## @section Sysctl Image parameters
1147
##
1148
1149
## Sysctl InitContainer
1150
## Used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings)
1151
##
1152
sysctlImage:
1153
## @param sysctlImage.enabled Enable an init container to modify Kernel settings
1154
##
1155
enabled: false
1156
## @param sysctlImage.command sysctlImage command to execute
1157
##
1158
command: []
1159
## @param sysctlImage.registry [default: REGISTRY_NAME] sysctlImage Init container registry
1160
## @param sysctlImage.repository [default: REPOSITORY_NAME/os-shell] sysctlImage Init container repository
1161
## @skip sysctlImage.tag sysctlImage Init container tag
1162
## @param sysctlImage.digest sysctlImage Init container digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1163
## @param sysctlImage.pullPolicy sysctlImage Init container pull policy
1164
## @param sysctlImage.pullSecrets Specify docker-registry secret names as an array
1165
##
1166
registry: cgr.dev
1167
repository: chainguard-private/os-shell-iamguarded
1168
tag: 1.0.0
1169
digest: ""
1170
pullPolicy: IfNotPresent
1171
## Optionally specify an array of imagePullSecrets.
1172
## Secrets must be manually created in the namespace.
1173
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1174
## e.g:
1175
## pullSecrets:
1176
## - myRegistryKeySecretName
1177
##
1178
pullSecrets: []
1179
## @param sysctlImage.mountHostSys Mount the host `/sys` folder to `/host-sys`
1180
##
1181
mountHostSys: false
1182
## Containers Security Context
1183
## @param sysctlImage.containerSecurityContext.enabled Enable Containers' Security Context
1184
## @param sysctlImage.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1185
## @param sysctlImage.containerSecurityContext.runAsUser User ID for the containers.
1186
## @param sysctlImage.containerSecurityContext.privileged Run privileged as privileged
1187
##
1188
containerSecurityContext:
1189
enabled: true
1190
seLinuxOptions: {}
1191
runAsUser: 0
1192
privileged: true
1193
## Container resource requests and limits
1194
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1195
## @param sysctlImage.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if sysctlImage.resources is set (sysctlImage.resources is recommended for production).
1196
## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
1197
##
1198
resourcesPreset: "nano"
1199
## @param sysctlImage.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1200
## Example:
1201
## resources:
1202
## requests:
1203
## cpu: 2
1204
## memory: 512Mi
1205
## limits:
1206
## cpu: 3
1207
## memory: 1024Mi
1208
##
1209
resources: {}
1210